Weekly intelligence, Oct 2 – Oct 9, 2023

Infostealers Weekly Report: 2023-10-02 – 2023-10-09

This weekly report summarises what the infostealer logs collected between 2023-10-02 and 2023-10-09 expose: how many machines, employees and users were compromised, which countries and domains the infections concentrated on, which stealer families were responsible, and which application keywords attackers search the logs for. Read it to see which services and credential types are being harvested right now, and to prioritise password resets and session revocation for the accounts that matter to your organization.

Compromised machines: 190,774
Compromised employees: 25,572
Compromised users: 100,874
Compromised Androids: 64,328
Compromised domains: 429,316

Threat Geography

Where infections came from

Compromised machines by country of infection (top 25 of the 210 countries recorded this week).

Top 25 countries

  1. Brazil 15,966
  2. Unknown Region 13,565
  3. Pakistan 9,915
  4. Turkey 9,723
  5. Indonesia 8,482
  6. Egypt 8,275
  7. India 8,210
  8. Philippines 7,336
  9. Thailand 6,280
  10. Bangladesh 5,304
  11. United States of America 4,298
  12. Mexico 4,250
  13. Vietnam 4,189
  14. Peru 3,771
  15. Algeria 3,291
  16. Morocco 3,216
  17. Colombia 3,041
  18. Iraq 2,616
  19. Unknown 2,606
  20. Sri Lanka 2,393
  21. Germany 2,388
  22. Malaysia 2,092
  23. Spain 2,067
  24. Italy 1,945
  25. Nigeria 1,941

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection. Entries in Android package-name form (for example com.facebook.katana) are app credentials captured from infected Android devices; they are broken out separately under Compromised Mobile Apps below.

Top 25
  1. google.com 82,061 users
  2. facebook.com 73,401 users
  3. live.com 68,684 users
  4. instagram.com 36,865 users
  5. discord.com 34,003 users
  6. com.facebook.katana 33,788 users
  7. netflix.com 32,303 users
  8. amazon.com 27,825 users
  9. roblox.com 27,000 users
  10. twitter.com 26,378 users
  11. steampowered.com 25,504 users
  12. com.instagram.android 23,390 users
  13. paypal.com 22,998 users
  14. com.netflix.mediaclient 21,691 users
  15. microsoftonline.com 21,109 users
  16. linkedin.com 20,177 users
  17. apple.com 19,149 users
  18. mega.nz 18,540 users
  19. riotgames.com 18,220 users
  20. twitch.tv 18,192 users
  21. spotify.com 17,942 users
  22. epicgames.com 16,381 users
  23. com.discord 14,988 users
  24. zoom.us 14,759 users
  25. steamcommunity.com 14,527 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains whose employees appear in this week's logs. A user is counted as an employee of a domain when the stolen credential's username is a business e-mail address at that domain, so these figures reflect corporate accounts, not consumer sign-ups.

Top 25
  1. hostinger.com 349 employees
  2. icicibank.com 316 employees
  3. wp.pl 280 employees
  4. aruba.it 265 employees
  5. rediff.com 199 employees
  6. 163.com 194 employees
  7. laureate.net 159 employees
  8. banquemisr.com 154 employees
  9. sempreser.com.br 150 employees
  10. alxswe.com 148 employees
  11. freemail.hu 146 employees
  12. pec.it 143 employees
  13. secureserver.net 133 employees
  14. tim.it 130 employees
  15. o2.pl 127 employees
  16. rockwellautomation.com 125 employees
  17. abv.bg 125 employees
  18. aiou.edu.pk 120 employees
  19. qq.com 119 employees
  20. secop.gov.co 115 employees
  21. jwpub.org 112 employees
  22. bcb.gov.br 110 employees
  23. sts.net.pk 110 employees
  24. netpnb.com 108 employees
  25. bluehost.com 107 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 125 employees
  2. microsoft.com 72 employees
  3. ibm.com 38 employees
  4. publix.com 18 employees
  5. cognizant.com 13 employees
  6. att.com 10 employees
  7. netflix.com 9 employees
  8. paypal.com 8 employees
  9. cablevision.com 6 employees
  10. hp.com 6 employees
  11. twc.com 5 employees
  12. apple.com 5 employees
  13. jpmorganchase.com 4 employees
  14. genesishcc.com 4 employees
  15. oracle.com 3 employees
  16. cisco.com 3 employees
  17. ups.com 3 employees
  18. henryschein.com 3 employees
  19. morganstanley.com 3 employees
  20. pg.com 3 employees

Compromised users

  1. google.com 82,061 users
  2. facebook.com 73,401 users
  3. netflix.com 32,303 users
  4. amazon.com 27,825 users
  5. paypal.com 22,998 users
  6. apple.com 19,149 users
  7. ebay.com 4,653 users
  8. oracle.com 3,461 users
  9. microsoft.com 3,303 users
  10. cisco.com 2,817 users
  11. hp.com 2,661 users
  12. nike.com 2,135 users
  13. ibm.com 1,107 users
  14. walmart.com 1,095 users
  15. ups.com 900 users
  16. westernunion.com 819 users
  17. fedex.com 513 users
  18. intel.com 505 users
  19. bestbuy.com 463 users
  20. adp.com 445 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 33,788 users
  2. Instagram (instagram.com · com.instagram.android) 23,390 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 21,691 users
  4. Discord (discord.com · com.discord) 14,988 users
  5. Roblox (roblox.com · com.roblox.client) 13,671 users
  6. Spotify (spotify.com · com.spotify.music) 12,403 users
  7. Twitch (twitch.tv · tv.twitch.android.app) 11,419 users
  8. Twitter (twitter.com · com.twitter.android) 10,212 users
  9. Snapchat (snapchat.com · com.snapchat.android) 9,793 users
  10. PayPal (paypal.com · com.paypal.android.p2pmobile) 6,247 users
  11. Zoom (zoom.us · us.zoom.videomeetings) 5,348 users
  12. LinkedIn (linkedin.com · com.linkedin.android) 5,210 users
  13. Mega (mega.nz · mega.privacy.android.app) 5,168 users
  14. Wish (contextlogic.com · com.contextlogic.wish) 4,811 users
  15. Disney (disney.com · com.disney.disneyplus) 4,587 users
  16. Mercadolibre (mercadolibre.com · com.mercadolibre) 4,238 users
  17. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 4,140 users
  18. Waze (waze.com · com.waze) 4,111 users
  19. Xiaomi (xiaomi.com · com.xiaomi.account) 3,759 users
  20. Pinterest (pinterest.com · com.pinterest) 2,525 users

Top Compromised Email Providers

Email domains tied to compromised credentials

E-mail providers of the usernames seen in this week's stealer logs. Consumer webmail dominates, which is why these addresses are counted as users rather than employees.

Top 25
  1. gmail.com 3,241,851 users
  2. hotmail.com 408,072 users
  3. yahoo.com 163,422 users
  4. outlook.com 91,097 users
  5. icloud.com 25,164 users
  6. live.com 17,534 users
  7. hotmail.fr 13,412 users
  8. mail.ru 10,200 users
  9. yahoo.fr 9,801 users
  10. yahoo.com.br 9,743 users
  11. libero.it 8,593 users
  12. msn.com 7,419 users
  13. ymail.com 7,054 users
  14. orange.fr 7,028 users
  15. gmx.de 5,736 users
  16. aol.com 5,561 users
  17. hotmail.it 5,274 users
  18. yahoo.co.id 5,101 users
  19. googlemail.com 4,684 users
  20. free.fr 4,508 users
  21. hotmail.es 4,464 users
  22. web.de 3,981 users
  23. yahoo.it 3,828 users
  24. mail.com 3,823 users
  25. live.fr 3,326 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19 (ordered by accounts)
  1. facebook.com 73,401 accounts
  2. instagram.com 36,866 accounts
  3. discord.com 34,003 accounts
  4. twitter.com 26,380 accounts
  5. linkedin.com 20,182 accounts
  6. snapchat.com 7,547 accounts
  7. tiktok.com 6,392 accounts
  8. pinterest.com 6,140 accounts
  9. vk.com 4,433 accounts
  10. reddit.com 3,218 accounts
  11. tumblr.com 2,163 accounts
  12. flickr.com 1,083 accounts
  13. badoo.com 868 accounts
  14. telegram.org 681 accounts
  15. quora.com 609 accounts
  16. youtube.com 496 accounts
  17. weibo.com 199 accounts
  18. myspace.com 170 accounts
  19. meetup.com 108 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus products that infected hosts reported as installed. A product's presence in the coverage list means it was running on a machine that was infected anyway; it says nothing about whether it later detected the stealer. Windows Defender leads simply because it is the default on Windows.

Stealer Families

  1. RedLine 117,972 machines
  2. Lumma 69,219 machines
  3. Mystic 2,203 machines
  4. Generic Stealer 1,363 machines
  5. StealC 17 machines

Anti-virus Coverage

  1. Windows Defender 106,372 machines
  2. Avast Antivirus 3,822 machines
  3. 360 Total Security 3,767 machines
  4. Reason Cybersecurity 3,306 machines
  5. McAfee Firewall 2,255 machines
  6. McAfee VirusScan 1,807 machines
  7. AVG Antivirus 1,045 machines
  8. ESET Security 858 machines
  9. Kaspersky Internet Security 682 machines
  10. Norton Security Ultra 653 machines

Targeted Application Keywords

What attackers grep for

The application keywords most often matched in the URLs of saved credentials across this week's logs (auth, sso, vpn and similar). These are the strings attackers search a fresh log for to find corporate entry points. Keywords are matched as substrings, so very short ones such as st likely also pick up unrelated URLs and overstate targeting.

Top 25
  1. auth 336,847 hits
  2. sso 87,012 hits
  3. zoom 33,000 hits
  4. github 18,162 hits
  5. webmail 14,174 hits
  6. adfs 9,601 hits
  7. oracle 7,214 hits
  8. sap 6,049 hits
  9. zendesk 5,243 hits
  10. owa 5,007 hits
  11. cpanel 4,400 hits
  12. ping 4,132 hits
  13. vpn 4,023 hits
  14. sts 3,288 hits
  15. webex 2,713 hits
  16. kaspersky 2,468 hits
  17. ftp 2,105 hits
  18. st 1,887 hits
  19. roundcube 1,788 hits
  20. extranet 1,722 hits
  21. imap 1,664 hits
  22. okta 1,253 hits
  23. twilio 1,038 hits
  24. salesforce 1,032 hits
  25. gitlab 952 hits
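The two analyses this report is built on, employee exposure by business e-mail domain (Top Compromised Corporate Domains) and keyword hits in saved-credential URLs (Targeted Application Keywords), are easy to reproduce on a raw log. The script below is an added example written for this page; it is not the report's or Cavalier's own tooling. It assumes a Passwords.txt layout of URL/Username/Password/Application blocks separated by a line of "=" (modelled on common RedLine and Lumma dumps), a constructed sample log with made-up hosts and accounts, a small freemail list, and a crude two-label "site" key in place of a public-suffix list. It also shows why short keywords such as st are noisy: the same log is scored with grep-style substring matching and with whole-token matching.

```python
"""Stealer-log triage: keyword hits in saved-credential URLs and employee exposure.
Added example, not the report's tooling. The block layout below is an assumption
modelled on common RedLine/Lumma Passwords.txt dumps; every host and account is
constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

SAMPLE_LOG = """\
URL: https://sso.example-corp.com/adfs/ls/
Username: jdoe@example-corp.com
Password: Winter2023!
Application: Google_[Chrome]_Default
===============
URL: https://vpn.example-corp.com/remote/login
Username: jdoe@example-corp.com
Password: Winter2023!
Application: Google_[Chrome]_Default
===============
URL: https://auth.acme-bank.test/login
Username: a.singh@acme-bank.test
Password: Pa55word
Application: Microsoft_[Edge]_Default
===============
URL: https://store.steampowered.com/login/
Username: gamer123@gmail.com
Password: qwerty
Application: Google_[Chrome]_Default
===============
URL: https://mail.example-corp.com/owa/auth/logon.aspx
Username: m.lee@example-corp.com
Password: Summer!
Application: Google_[Chrome]_Default
"""

# Subset of the report's keyword list; "st" is included to show substring noise.
KEYWORDS = ("auth", "sso", "vpn", "owa", "adfs", "webmail", "st", "sts")
# Consumer webmail providers (assumed list): such an address says nothing about an employer.
FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com", "icloud.com", "live.com"}


def parse_entries(text):
    """Return one dict per credential block that has at least a URL and a username."""
    entries = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only: URLs contain ':'
            if sep and key.strip().lower() in ("url", "username", "password", "application"):
                entry[key.strip().lower()] = value.strip()
        if entry.get("url") and entry.get("username"):
            entries.append(entry)
    return entries


def url_tokens(url):
    """Alphanumeric tokens of host and path, so 'st' cannot match 'steampowered'."""
    parts = urlsplit(url)
    return set(re.findall(r"[a-z0-9]+", (parts.hostname or "").lower() + "/" + parts.path.lower()))


def keyword_hits(entries, keywords=KEYWORDS, substring=False):
    """Count entries whose URL matches each keyword.
    substring=True reproduces naive grep-style matching; the default matches whole tokens."""
    hits = {kw: 0 for kw in keywords}
    for e in entries:
        url = e["url"].lower()
        tokens = url_tokens(url)
        for kw in keywords:
            if (kw in url) if substring else (kw in tokens):
                hits[kw] += 1
    return hits


def email_domain(username):
    """Domain part of an e-mail-style username, or None."""
    return username.rsplit("@", 1)[1].lower() if "@" in username else None


def registrable_domain(url):
    """Crude 'site' key: last two host labels (a real tool would use the public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def employee_exposure(entries, freemail=FREEMAIL):
    """Corporate e-mail domain -> distinct employee accounts. A business (non-freemail)
    address in the username field marks its owner as an employee of that domain,
    whatever site the credential was saved for."""
    seen = defaultdict(set)
    for e in entries:
        dom = email_domain(e["username"])
        if dom and dom not in freemail:
            seen[dom].add(e["username"].lower())
    return {d: len(s) for d, s in seen.items()}


def users_per_site(entries):
    """Site -> number of distinct usernames with a saved credential for it."""
    seen = defaultdict(set)
    for e in entries:
        seen[registrable_domain(e["url"])].add(e["username"].lower())
    return {d: len(s) for d, s in seen.items()}


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("token hits    :", keyword_hits(entries))
    print("substring hits:", keyword_hits(entries, substring=True))
    print("employees     :", employee_exposure(entries))
    print("users by site :", users_per_site(entries))
```

On the sample, token matching reports auth twice (the auth.acme-bank.test host and the /owa/auth/ path) and st never, while substring matching credits st with two hits from "test" and "steampowered"; that is the kind of inflation to expect behind the short keywords in the table above. The employee count attributes jdoe and m.lee to example-corp.com even though one credential was saved for a third-party site, which is exactly how a business address in a consumer-looking log surfaces a corporate exposure.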

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
